Between January and March 2021, a sophisticated threat actor known as HAFNIUM unleashed one of the most devastating supply chain attacks in cybersecurity history. The China-nexus advanced persistent threat (APT) group exploited CVE-2021-26855, a server-side request forgery vulnerability in Microsoft Exchange Server's endpoints. This vulnerability allowed unauthenticated attackers to send arbitrary HTTP requests through the Exchange Server, effectively authenticating as the server itself. Within weeks, over 250,000 Exchange Servers worldwide were compromised, exposing millions of email accounts and providing backdoor access to corporate networks. While Microsoft's security bulletins focused on the Exchange Server architecture, the root cause was a classic SSRF vulnerability. The server's proxy endpoints accepted and forwarded user-controlled parameters without proper validation, enabling attackers to access internal resources and bypass authentication entirely.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Server-Side Request Forgery

  • Roman Canlas

摘要

Between January and March 2021, a sophisticated threat actor known as HAFNIUM unleashed one of the most devastating supply chain attacks in cybersecurity history. The China-nexus advanced persistent threat (APT) group exploited CVE-2021-26855, a server-side request forgery vulnerability in Microsoft Exchange Server's endpoints. This vulnerability allowed unauthenticated attackers to send arbitrary HTTP requests through the Exchange Server, effectively authenticating as the server itself. Within weeks, over 250,000 Exchange Servers worldwide were compromised, exposing millions of email accounts and providing backdoor access to corporate networks. While Microsoft's security bulletins focused on the Exchange Server architecture, the root cause was a classic SSRF vulnerability. The server's proxy endpoints accepted and forwarded user-controlled parameters without proper validation, enabling attackers to access internal resources and bypass authentication entirely.